erx3:vrA(config)#
interface tunnel ipsec:Aboston2boca transport-virtual-router
default
erx3:vrA(config-if)#
tunnel transform-set customerAprotection
erx3:vrA(config-if)#
tunnel local-identity subnet 10.3.0.0 255.255.0.0
erx3:vrA(config-if)#
tunnel peer-identity subnet 10.2.0.0 255.255.0.0
erx3:vrA(config-if)#
tunnel source 5.3.0.1
erx3:vrA(config-if)#
tunnel destination 5.2.0.1
erx3:vrA(config-if)#
ip address 10.1.0.0 255.255.0.0
erx3:vrA(config-if)#
exit
Virtual router B:
erx3(config)#
virtual-router vrB
erx3:vrB(config)#
Tunnel from Boston to Ottawa on virtual router B:
erx3:vrB(config)#
interface tunnel ipsec:Bboston2ottawa transport-virtual-router
default
erx3:vrB(config-if)#
tunnel transform-set customerBprotection
erx3:vrB(config-if)#
tunnel local-identity subnet 10.3.0.0 255.255.0.0
erx3:vrB(config-if)#
tunnel peer-identity subnet 10.1.0.0 255.255.0.0
erx3:vrB(config-if)#
tunnel source 5.3.0.1
erx3:vrB(config-if)#
tunnel destination 5.1.0.1
erx3:vrB(config-if)#
ip address 10.1.0.0 255.255.0.0
erx3:vrB(config-if)#
exit
Tunnel from Boston to Boca on virtual router B:
erx3:vrB(config)#
interface tunnel ipsec:Bboston2boca transport-virtual-router
default
erx3:vrB(config-if)#
tunnel transform-set customerBprotection
erx3:vrB(config-if)#
tunnel local-identity subnet 10.3.0.0 255.255.0.0
erx3:vrB(config-if)#
tunnel peer-identity subnet 10.2.0.0 255.255.0.0
erx3:vrB(config-if)#
tunnel source 5.3.0.1
erx3:vrB(config-if)#
tunnel destination 5.2.0.1
erx3:vrB(config-if)#
ip address 10.2.0.0 255.255.0.0
erx3:vrB(config-if)#
exit
The configuration is complete. Customer A's traffic and customer B's traffic can flow
through the public, or untrusted, IP network inside a tunnel, where each packet is
encrypted and authenticated.
Monitoring IPSec
This section contains information about troubleshooting and monitoring IPSec.
System Event Logs
To troubleshoot and monitor IPSec, use the following system event logs:
■
auditIpsec—Lower layers of IKE SA negotiations
■
ikepki—Upper layers of IKE SA negotiations
168
■
Monitoring IPSec
JUNOSe 11.1.x IP Services Configuration Guide
Содержание IP SERVICES - CONFIGURATION GUIDE V 11.1.X
Страница 6: ...vi...
Страница 8: ...viii JUNOSe 11 1 x IP Services Configuration Guide...
Страница 18: ...xviii Table of Contents JUNOSe 11 1 x IP Services Configuration Guide...
Страница 20: ...xx List of Figures JUNOSe 11 1 x IP Services Configuration Guide...
Страница 22: ...xxii List of Tables JUNOSe 11 1 x IP Services Configuration Guide...
Страница 28: ...2 Chapters JUNOSe 11 1 x IP Services Configuration Guide...
Страница 138: ...112 Monitoring J Flow Statistics JUNOSe 11 1 x IP Services Configuration Guide...
Страница 286: ...260 Monitoring IP Tunnels JUNOSe 11 1 x IP Services Configuration Guide...
Страница 312: ...286 Monitoring IP Reassembly JUNOSe 11 1 x IP Services Configuration Guide...
Страница 357: ...Part 2 Index Index on page 333 Index 331...
Страница 358: ...332 Index JUNOSe 11 1 x IP Services Configuration Guide...
